spawn-fcgi processes ignore user's other groups
I have observed the following behaviour with spawn-fcgi...
It seems that spawn-fcgi processes are restricted to the user's default group (or the group specified with -g or both - not sure) but in any case, the user's other groups are totally ignored. In the above example, the trac user is a member or the subversion group but a permissiod denied error is received when trying to access the Subversion repository, despite the correct permissions being set.
I have a feeling this might be related to bug #78. By the look of the changeset, the change was only applied to server.c and not spawn-fcgi.c as well.
Updated by Anonymous almost 12 years ago
So are you saying that it is correct that only the exact user and group you specify (and not any other groups that user may be in) should apply? That doesn't seem right to me. I have since found that you can work around the problem by starting spawn-fcgi via sudo instead since that does respect the user's other groups.
Also available in: Atom